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Amendments to the Claims : 
This Hsting of claims replaces all prior versions and Ustings of claims in the application: 

Listing of Claims : 

1. (Currently Amended): A method for securing an accessible computer system, the 
method comprising: 

monitoring for connection transactions between multiple access requestors and access 
providers using at a switch switching compon e nt that is connected to the access providers and 
transfers data to and from the access providers , wherein the monitoring includes detecting 
connection transactions between multiple Internet protocol addresses and the access providers 
with the switching compon e nt switch : and 

denying, at the switch, access by an attacking access requestor to the access providers 
when a number of connection transactions initiated by the attacking access requestor through the 
switching compon e nt switch exceeds a configurable threshold number during a first configurable 
period of time. 

2. (Canceled) 

3. (Currently Amended): The method as in claim 1, wherein the monitoring further 
includes counting, using the switching compon e nt switch, the number of connection transactions 
initiated by the access requestors to any of the access providers through the switching compon e nt 
switch during the first configurable period of time. 

4. (Currently Amended): The method as in claim 3, wherein: 

the monitoring fiirther includes comparing, using the switching compon e nt switch , the 
number of connection transactions initiated by the access requestors through the switching 
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compon e nt switch dtaring the first configurable period of time to the configurable threshold 
number, and 

denying access by the attacking access requestor to the access providers includes 
denying, using the switching compon e nt switch , access by the attacking access requestor to all of 
the access providers connected to the switching component switch when the comparison results 
indicate that the number of connection transactions initiated by the attacking access requestor 
during the first configurable period of time exceeds the configurable threshold number. 

5. (Canceled) 

6. (Currently Amended): The method as in claim 1, wherein the monitoring fiirther 
includes counting, using the switching compon e nt switch, the number of connection transactions 
initiated to any of the access providers by the hitemet protocol addresses during the first 
configurable period of time such that the number of connection transactions reflects a cumulative 
number of connection transactions initiated to any of the access providers by the Internet 
protocol addresses. 

7. (Currently Amended): The method as in claim 6, wherein the monitoring further 
includes comparing, using the switching compon e nt switch , the number of connection 
transactions initiated by the Litemet protocol addresses during the first configurable period of 
time to the configurable threshold number, and 

denying access by the attacking access requestor to the access providers includes 
denying, using the switching compon e nt switch, access by the attacking access requestor to all of 
the access providers connected to the switching compon e nt switch when the comparison results 
indicate that the number of connection transactions initiated by the Litemet protocol address 
associated with the attacking access requestor during the first configurable period of time 
exceeds the configurable threshold number. 
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8. (Original): The method as in claim 6, wherein the monitoring includes monitoring a 
computer system for connection transactions made using TCP. 

9. (Previously Presented): The method as in claim 1, wherein the detecting includes 
identifying the Internet protocol addresses through the use of a header attached to a message 
representing the connection transaction being detected. 

10. (Currently Amended): The method as in claim 1, wherein the denying of access 
includes denying access to the access providers through the switching compon e nt switch by the 
attacking access requestor for a second configurable period of time. 

1 1 . (Currently Amended): The method as in claim 10, wherein the denying of access 
further includes resetting the second configurable period of time after detecting a new connection 
transaction initiated by the attacking access requestor through the switching compon e nt switch 
during the second configurable period of time. 

12. (Currently Amended): The method as in claim 1, wherein the denying of access 
includes denying access to the access providers through the switching compon e nt switch by the 
attacking access requestor for a second configurable period of time after detecting a most recent 
coimection transaction initiated by the attacking access requestor through the switching 
compon e nt switch . 

13. (Currently Amended): The method as in claim 1, wherein the access requestors are 
clients and the access providers are hosts such that the monitoring includes detecting connection 
transactions through the switching compon e nt switch between multiple clieiits and multiple 
hosts. 
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14. (Currently Amended): The method as in claim 3, wherein the counting further 
comprises counting, using the switching compon e nt switch , a cumulative number of connection 
transactions for all of the access providers connected to the switching component switch initiated 
by each of the access requestors during the first configurable period of time. 

15. (Currently Amended): A system for securing an accessible computer system, 



a switching compon e nt switch that is connected to access providers having means for: 
transferring data to and fi-om the access providers; 

monitoring for connection transactions between multiple access requestors and 
the access providers, wherein the monitoring includes detecting connection transactions 
between multiple Internet protocol addresses and the access providers with the switching 
compon e nt switch ; and 

denying access by an attacking access requestor to the access providers when a 
number of connection transactions initiated by the attacking access requestor exceeds a 
configurable threshold number during a first configurable period of time. 

16. (Currently Amended): The system of claim 15, wherein the switching compon e nt 
switch includes: 

means for detecting connection transactions initiated by the access requestors through the 
switching compon e nt switch ; 

means for counting the number of connection transactions initiated by the access 
requestors to any of the access providers through the switching component switch during the first 
configurable period of time; 

means for comparing the number of connection transactions initiated by the access 
requestors through the switching compon e nt switch during the first configurable period of time 
to the configurable threshold number; and 



comprising: 
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the means for denying access by the attacking access requestor to the access providers 
includes means for denying access by the attacking access requestor to all of the access providers 
when the comparison results indicate that the number of connection transactions initiated by the 
attacking access requestor during the first configurable period of time exceeds the configurable 
threshold number. 

17. (Currently Amended): The system of claim 15, wherein the switching compon e nt 
switch includes: 

means for detecting connection transactions between the multiple Internet protocol 
addresses and the access providers using the switching compon e nt switch : 

means for counting the number of connection transactions to any of the access providers 
initiated by the hitemet protocol addresses through the switching component switch during the 
first configurable period of time such that the number of connection ti-ansactions reflects a 
cumulative number of connection transactions initiated to any of the access providers by the 
Intemet protocol addresses; 

means for comparing the number of connection transactions initiated by the hitemet 
protocol addresses through the switching compon e nt switch during the first configurable period 
of time to the configurable threshold number; and 

the means for denying access by the attacking access requestor to the access providers 
includes means for denying access by the attacking access requestor to all of the access providers 
when the comparison results indicate that the number of connection ti-ansactions initiated by the 
Intemet protocol address associated with the attacking access requestor during the first 
configurable period of time exceeds the configurable threshold nvimber. 

18. (Original): The system of claim 17, wherein the means for monitoring includes means 
for monitoring a computer system for coimection transactions made using TCP. 
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19. (Previously Presented): The system of claim 17, wherein the means for detecting 
includes: 

means for identifying the Internet protocol addresses through the use of a header attached 
to a message representing the connection transaction being detected. 

20. (Currently Amended): The system of claim 15, wherein the switching component 
switch includes: 

means for denying access to the access providers through the switching compon e nt 
switch by the attacking access requestor for a second configurable period of time. 

21. (Currently Amended): The system of claim 20, wherein the means for denying access 
further includes: 

means for resetting the second configurable period of time after detecting a new 
connection transaction initiated by the attacking access requestor through the switching 
compon e nt switch during the second configurable period of time. 

22. (Currently Amended): The system of claim 15, wherein the means for the switching 
compon e nt switch includes: 

means for denjdng access to the access providers through the switching compon e nt 
switch by the attacking access requestor for a second configurable period of time after detecting 
a most recent connection transaction initiated by the access requestor. 

23. (Currently Amended): The system of claim 15, wherein the access requestors are 
clients and the access providers are hosts such that the means for the switching component 
switch includes: 

means for detecting connection transactions through the switching compon e nt switch 
between multiple clients and multiple hosts. 
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24. (Currently Amended): The system of claim 16, wherein the means for counting 
further comprises means for counting a cumulative number of connection transactions for all of 
the access providers connected to the svyitching compon e nt switch initiated by each of the access 
requestors during the first configurable period of time. 

25. (Currently Amended): A system for securing an accessible computer system, 



a switching compon e nt switch that is connected to access providers and transfers data to 
and firom the access providers , wherein the switch is structured and arranged to: 

monitor for connection transactions between multiple access requestors and 
access providers, wherein to monitor for connection transactions include to detect 
connection transactions between multiple Internet protocol addresses and the access 
providers with the switching compon e nt switch ; and 

deny access by the access requestor to the access providers when a number of 
connection transactions initiated by an attacking access requestor exceed a configurable 
threshold number during a first configurable period of time. 

26. (Currently Amended): The system of claim 25, wherein the switching compon e nt 
switch comprises: 

a detection component that is structured and arranged to detect connection transactions 
initiated by the access requestors through the switching component switch : 

a counting component that is structured and arranged to count the number of connection 
transactions initiated by the access requestors to any of the access providers through the 
switching compon e nt switch during the first configurable period of time; 

a comparing component that is structured and arranged to compare the number of 
connection transactions initiated by the access requestors through the switching compon e nt 
switch during the first configurable period of time to the configurable threshold number; and 
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the switching compon e nt switch is configured to deny access by the attacking access 
requestor to all of the access providers when the comparison results indicate that the number of 
connection transactions initiated by the attacking access requestor during the first configurable 
period of time exceeds the configurable threshold number. 

27. (Currently Amended): The system of claini 25, wherein the switching compon e nt 
switch comprises: 

a detection component that is structured and arranged to detect connection transactions 
through the switching compon e nt switch between the multiple Internet protocol addresses and 
the access providers; 

a counting component that is structured and arranged to count the number of connection 
transactions to any of the access providers initiated through the switching compon e nt switch by 
the Internet protocol addresses during the first configurable period of time such that the number 
of connection transactions reflects a cumulative number of connection ti-ansactions initiated to 
any of the access providers by the Internet protocol addresses; 

a comparing component that is structured and arranged to compare the number of 
connection transactions initiated through the switching compon e nt switch by the Internet 
protocol addresses during the first configurable period of time to the configurable threshold 
number; and 

the switching component switch is configured to deny access by the attacking access 
requestor to all of the access providers when the comparison results indicate that the number of 
connection ti-ansactions initiated by the Internet protocol address associated with the attacking 
access requestor during the first configurable period of time exceeds the configurable threshold 
number. 

28. (Original): The system of claim 27, wherein the connection transactions include 
connections made using TCP. 
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29. (Previously Presented): The system of claim 27, wherein the detection component 
comprises: 

an identifying component that is structured and arranged to identify the Internet protocol 
addresses through the use of a header attached to a message representing the connection 
transaction being detected. 

30. (Currently Amended): The system of claim 25, wherein the switching compon e nt 
switch comprises: 

an access preventer that is structured and arranged to deny access to the access providers 
through the switching component switch by the attacking access requestor for a second 
configurable period of time. 

31. (Currently Amended): The system of claim 30, wherein the switching compon e nt 
switch further comprises: 

a timing component that is structured and arranged to meastire the second configurable 
period of time during which the access preventer denies access to the access providers by the 
attacking access requestor. 

32. (Currently Amended): The system of claim 31, wherein the switching component 
switch fijrther comprises: 

a reset component that is structured and arranged to reset the timing component after 
detecting a new connection transaction initiated by the attacking access requestor through the 
switching compon e nt switch during the second configurable period of time. 

33. (Currently Amended): The system of claim 25, wherein the switching compon e nt 
switch comprises: 

an access preventer that is structured and arranged to deny access to the access providers 
through the switching compon e nt switch by the attacking access requestor for a second 
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configurable period of time after detecting a most recent connection transaction initiated by the 
access requestor. 

34. (Currently Amended): The system of claim 25, wherein the access requestors are 
chents and the access providers are hosts such that the switching compon e nt switch comprises: 

a detection component that is structured and arranged to detect connection transactions 
through the switching component switch between multiple chents and multiple hosts. 

35. (Currently Amended): The system of claim 26, wherein the counting component 
fijTther comprises counting a cumulative number of coimection transactions for all of the access 
providers connected to the switching compon e nt switch initiated by each of the access requestors 
dtiring the first configurable period of time. 

36. (Currently Amended): The system of claim 25, wherein a host computer system 
receives communications from the switching compon e nt switch . 

37. (Currently Amended): The system of claim 25, wherein the switching compon e nt 
switch is included in a host computer system. 

38. (Currently Amended): The method of claim 1 wherein denying access by the 
attacking access requestor to the access providers when the number of coimection transactions 
initiated by the attacking access requestor through the switching compon e nt switch exceeds a 
configurable threshold number during the first configurable period of time comprises denying, 
using the switching compon e nt switch, access by the attacking access requestor to all of the 
access providers connected to the switching compon e nt switch irrespective of which of the 
access providers to which the attacking access requestor initiated coimection transactions to 
exceed the configurable threshold. 
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39. (Currently Amended): The method of claim 1 wherein the monitoring includes 
monitoring, using a switching compon e nt switch configured to estabhsh communication links 
between access requestors and access providers, for attempts, by the attacking access requestor, 
to establish a communication link with any of the access providers. 

40. (Previously Presented): The method of claim 39 wherein monitoring for attempts, by 
the attacking access requestor, to establish a communication link with any of the access 
providers includes monitoring for attempts, by the attacking access requestor, to establish a 
commimication link with any of the access providers, the establishment of a communication link 
between the attacking access requestor and one of the access providers involving exchange of 
more than two electronic messages. 

41 . (Ctxrrently Amended): The method of claim 1 1 further comprising: 
determining, using the switching component switch , that the second configurable time 

period has passed without detecting a new connection transaction initiated by the attacking 
access requestor to any of the access providers through the switching compon e nt switch ; and 

in response to determining that the second configurable time period has passed without 
detecting a new connection transaction initiated by the attacking access requestor to any of the 
access providers through the switching compon e nt switch, allowing access by an attacking 
access requestor to the access providers. 

42. (Currently Amended): The method of claim 1 wherein: 

the access providers include a first access provider and a second access provider that is 
different firom the first access provider; and 

monitoring for connection transactions between multiple access requestors and access 
providers using the switching compon e nt switch connected to the access providers includes: 
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detecting, using the switching compon e nt switch, a first number of connection 
transactions initiated by the attacking access requestor to the first access provider during 
the first configurable period of time, and 

detecting, using the switching compon e nt switch, a second number of connection 
transactions initiated by the attacking access requestor to the second access provider 
during the first configurable period of time, and 

denying access by the attacking access requestor to the access providers when the number 
of connection transactions initiated by the attacking access requestor through the switching 
compon e nt switch exceeds the configurable threshold number during the first configurable 
period of time includes denying access by the attacking access requestor to both the first access 
provider and the second access provider when a sum of the first number of connection 
transactions and the second nvunber of coimection transactions exceeds the configurable 
threshold number. 

43. (Currently Amended): The method of claim 42 wherein: 
detecting, using the switching compon e nt switch, the first number of connection 
transactions initiated by the attacking access requestor to the first access provider during the first 
configurable period of time includes detecting a first number of connection transactions that 
exceeds the configurable threshold number during the first configurable period of time, 

detecting, using the switching compon e nt switch , a second number of connection 
ti-ansactions initiated by the attacking access requestor to the second access provider during the 
first configurable period of time includes detecting zero connection ti-ansactions initiated by the 
attacking access requestor to the second access provider during the first configurable period of 
time, and 

denying access by the attacking access requestor to both the first access provider and the 
second access provider when a sum of the first number of connection transactions and the second 
number of connection transactions exceeds the configurable threshold number includes denying 
access by the attacking access requestor to both the first access provider and the second access 



Applicant : Joseph Barrett et al. Attorney's Docket No.: 06975-131001 / Security 08 

Serial No. : 09/666,140 

Filed : September 20, 2000 

Page : 14 of 18 



provider when the first number of connection transactions exceeds the configurable threshold 
number and the second number of connection transactions is zero. 

44. (Currently Amended) The method of claim 42 wherein: 

detecting, using the switching compon e nt switch, the first number of connection 
transactions initiated by the attacking access requestor to the first access provider during the first 
configurable period of time includes detecting a first number of coimection transactions that is 
less than the configurable threshold number during the first configurable period of time, 

detecting, using the switching compon e nt switch, a second number of connection 
transactions initiated by the attacking access requestor to the second access provider during the 
first configurable period of time includes detecting a second number of connection transactions 
that is less than the configurable threshold number during the fnst configurable period of time, 
the sum of the first number of connection transactions and the second number of connection 
transactions exceeding the configurable threshold number, and. 

denying access by the attacking access requestor to both the first access provider and the 
second access provider when a sum of the first number of connection transactions and the second 
number of connection ti-ansactions exceeds the configurable threshold number includes denying 
access by the attacking access requestor to both the first access provider and the second access 
provider when the sum of the first number of coimection transactions and the second number of 
connection transactions exceeds the configurable threshold number, even though neither the first 
number of coimection transactions nor the second number of coimection transactions exceeds the 
configurable threshold ntmiber. 

45. (Previously Presented) The method of claim 1 wherein: 

the access providers include a first access provider and a second access provider that is 
different fi-om the first access provider, and 

the monitoring takes into accoimt interactions of the attacking access requestor with both 
the first access provider and second access provider. 



